[Dnsmasq-discuss] DNSMasq, DHCP, Shorewall, and Proxy Arp

richardvoigt at gmail.com richardvoigt at gmail.com
Sun Feb 3 01:02:01 GMT 2008


On Feb 2, 2008 11:58 PM, Steve H. <steve at csquaredtech.com> wrote:
>
> Gaah - re-adding the mailing list..
> On Saturday 02 February 2008 03:22:01 pm you wrote:
> > On Feb 2, 2008 3:48 PM, Steve H. <steve at csquaredtech.com> wrote:
> > > On Saturday 02 February 2008 01:03:06 pm you wrote:
> > > > This won't work, because 1.2.3.4 is outside the local subnet of the
> > > > device, which therefore uses a gateway to reach it.  You need a local
> > > > gateway.
> > >
> > > Actually, it works perfectly - and has for over a year...All the machines
> > > are on 1 physical wire (actually, a hub/switch), and I just add a route
> > > to the network and gateway in /etc/network/interfaces.  For example, if
> > > my firewall/gateway was 1.2.159.162 on a 1.2.159.160/28 net-block, I'd
> > > use:
> > >   up route add -net  1.2.159.160 netmask 255.255.255.240 eth0
> > >   up route add -host 1.2.159.162 eth0
> > >   up route add default gw 1.2.159.162 eth0
> > >
> > > This works great, and I don't eat up an address in the /28's for a
> > > gateway. This is one reason I'd like to move to DHCP - I'd like to pass
> > > the routes to be added (1.2.159.160/28 and 1.2.159.162/32) via DHCP so if
> > > my configurations change, I don't have to manually update all the
> > > machines.
> >
> > I can see how that configuration might work, but it is far more
> > complex than originally described.  I'm also not sure you could pass
> > those routes, which involve specific device specifications instead of
> > next-hop routers, over DHCP.
> >
> Hmm - I was just going to pass a route to 1.2.159.160/28 and a default gateway
> to all DHCP devices.  I think that should be ok via DHCP options (i.e.
> the 'static routes' option ?)
>
> > > > You'd need this anyway, see above.
> > >
> > > No I don't - see above.  If DNSMasq doesn't support this on its own, can
> > > I use a 'dhcp relay agent' to achieve this. ('this' being 1 dhcp server
> > > that responds to all the net-blocks on the local ether segment).  I'm
> > > guessing the error here is due to DNSMasq not having an address in the
> > > net-blocks its serving.  Perhaps having a DHCP relay forward requests to
> > > the actual I.P. of the interface DNSMasq is sitting on (192.168.0.2)
> > > would 'fix' this ?
> >
> > What if the netmask for the interface on the DNSMasq box/gateway was
> > expanded to include all addresses?  I guess that could mess up your
> > global routing.  A DHCP relay sounds like a reasonable solution.
> >
>
> yeah - I'm leaning towards a DHCP relay solution.  What I don't understand is
> why DNSMasq is confused.  I told it to serve a specific range, and the client
> gave it a hostname to match (via /etc/hosts) to a specific I.P. in the range.
> Even more confusingly, the firewall has static routes to every host in the
> ranges due to shorewall (it adds a route for every host it does proxy arp
> for).  So I can't figure out why DNSMasq is so unhappy :-/

I think it's because DNSMasq can simultaneously serve DHCP on multiple
interfaces, and so it has to map from the interface to the address
pool.  It uses the interface IP address to do that.  Since it also
supports relays from beyond other routers, having a route to an
address is insufficient for giving it out on an interface.

>
> Steve
>
>
>
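
A simplified model of the pool-selection rule described in the reply above, added here as an illustration (it is not dnsmasq's code and not part of the original message). The function names, the single-interface topology, the use of 1.2.159.162 as the relay's giaddr and the aliased-address case are assumptions built from the example addresses in the thread.

```python
import ipaddress


def select_pool(pools, iface_addrs, arrival_iface, giaddr="0.0.0.0"):
    """Return the address pool a DHCP request is eligible for, or None.

    Direct broadcast (giaddr is 0.0.0.0): the lookup key is the address
    configured on the interface the packet arrived on.
    Relayed request: the key is giaddr, the address the relay agent writes
    into the packet. The routing table is never consulted, so a host route
    to an address does not make that address eligible.
    """
    relay = ipaddress.ip_address(giaddr)
    if int(relay) != 0:
        keys = [relay]
    else:
        keys = [addr.ip for addr in iface_addrs[arrival_iface]]
    for pool in pools:
        if any(key in pool for key in keys):
            return pool
    return None


def demo():
    # Constructed sample data: the server interface holds only a private
    # address, while the configured range is the public /28 from the thread.
    pools = [ipaddress.ip_network("1.2.159.160/28")]
    private_only = {"eth0": [ipaddress.ip_interface("192.168.0.2/24")]}
    # Hypothetical variant: the same interface also carries an address
    # inside the served block.
    aliased = {"eth0": private_only["eth0"]
               + [ipaddress.ip_interface("1.2.159.162/28")]}
    return {
        "direct": select_pool(pools, private_only, "eth0"),
        "relayed": select_pool(pools, private_only, "eth0",
                               giaddr="1.2.159.162"),
        "aliased": select_pool(pools, aliased, "eth0"),
    }


if __name__ == "__main__":
    for case, pool in demo().items():
        print(f"{case:8} -> {pool if pool else 'no matching pool'}")
```
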


